Tuesday, October 02, 2007

Starter GPO's - what are they?

With Windows Server 2008 (Codename Longhorn) you will notice a new container called "Starter GPOs" inside the GPMC (version 2.0 - BTW this version will also be available as a separate download for Windows Vista with SP1).

This new container can hold what I would call "templates" for creating new GPO's - with the limitation that only Administrative Template settings are available. When creating new GPO's you can choose to use a Starter GPO as the source (read: template) - which makes it easy and fast to create multiple GPO's with the same baseline configuration.

But, the very cool thing is that you can now "export" those GPO templates (Starter GPO's) to a Cabinet file (.CAB) and then import into another environment - completely independent of the source domain/forest! So, you can create the PERFECT Starter GPO and then bring it around the world, share it on the Internet (if legal?), deploy it on all systems you can get a hold on etc. etc.

When you 'enable' Starter GPO's in the domain for the first time, a folder called "StarterGPOs" is created inside the SYSVOL folder (\\domain.com\SYSVOL\domain.com\StarterGPOs) - this is where all the "magic" is done... For each new Starter GPO you create, you will see a new folder below this StarterGPOs folder - each will have a unique GUID (just like normal group policies). So, when you create a new GPO with a Starter GPO as source a nice and simple COPY process is actually performed - the subfolders and files from the Starter GPO's GUID folder is just copied into the \\domain.com\SYSVOL\domain.com\Policies\[SomeNewGUID] folder - and wupti, you are ready to deploy...

Well, it may not be the same as the Templates we got with AGPM (Advanced Group Policy Management from Desktop Optimization Pack) - but, even if you don't have the required DOP license you still get a few cookies for "free"...

One last thing - remember to create a separate backup process for Starter GPO's, as they are not backed up though the GPMC "Backup All" method you have for the regular GPO's - the yhave a seperate backup procedure. So far there's no script for backing up the Starter GPO's, but I'm pretty sure it will show up (just like the "BackupAllGPOs.wsf script).

And don't worry - if you should get an error like this:

"The overall error was: The system cannot find the path specified. Additional details follow"
"[Error] The backup configuration file [C:\xxx\Backup.xml] cannot be saved. The following error occurred: The system cannot find the path specified."

when performing a backup of your Starter GPO's you are probably testing the RC0 release... That build has a known bug which has been corrected already (RC1)!

But besides from this minor detail I say: Thumbs up for Starter GPO's!